CN108419238A - A kind of method and device of detection rogue AP - Google Patents
A kind of method and device of detection rogue AP Download PDFInfo
- Publication number
- CN108419238A CN108419238A CN201810105829.6A CN201810105829A CN108419238A CN 108419238 A CN108419238 A CN 108419238A CN 201810105829 A CN201810105829 A CN 201810105829A CN 108419238 A CN108419238 A CN 108419238A
- Authority
- CN
- China
- Prior art keywords
- message
- acquisition
- bssid
- rogue
- carried
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/06—Authentication
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W48/00—Access restriction; Network selection; Access point selection
- H04W48/16—Discovering, processing access restriction or access information
Abstract
The invention discloses a kind of method and devices of detection rogue AP, and deployment is complicated when solving to exist in the prior art detection rogue AP, and the higher problem of cost.The method includes:First AP acquires the message that the 2nd AP is sent, and when the BSSID differences of the basic service set identification BSSID carried in the message of acquisition and the first AP, determine the quantity for releasing message identifying and/or disassociation message that the message of acquisition includes, if it is determined that the quantity be more than predetermined threshold value, then the first AP determine the 2nd AP be rogue AP.
Description
Technical field
The present invention relates to field of communication technology, more particularly to a kind of method and device of detection rogue AP.
Background technology
Currently, user passes through Wireless Fidelity (English using mobile terminal:Wireless-Fidelity, referred to as:WiFi it) connects
When entering wireless network, the risk of some secure contexts can be faced, especially current more and more businessmans provide free use
Wi-Fi access, while user-friendly, equally expose more and more risks.It is accessed in all wireless networks
In risk, the maximum one kind of harmfulness should utilize illegal wireless access points (English:Wireless Access
Point, referred to as:AP) wireless network access is provided, a large amount of personal informations of user are then further obtained by fishing website.Tool
For body, legal AP is disguised oneself as by a rogue AP to provide free service on net.User once accesses this rogue AP,
It is difficult to find.User then continues to input the completion certification of oneself account information, at this moment rogue AP just easily obtains user
The account informations such as cell-phone number.And after pretending certification success, any website that user accesses is likely to go to specified fishing
Website, this includes Web bank, various e-bank's paying websites etc., and a large amount of wealth of user is as a result caused to incur loss.
The method of currently used detection rogue AP is to acquire the message that surrounding AP is sent by multiple collecting devices, then
The message of acquisition is sent to detection service device and analyzed by each collecting device, to detect rogue AP.But this detection
Method is realized by deployment services device and multiple collecting devices, and deployment is complicated, and cost is higher.
Invention content
The embodiment of the present invention provides a kind of method and device of detection rogue AP, to solve to exist in the prior art detection
Complexity, and cost higher problem are disposed when rogue AP.
In a first aspect, an embodiment of the present invention provides a kind of methods of detection rogue AP, including:
First AP acquires the message that the 2nd AP is sent;
Basic service set identification (the English carried in the message of acquisition:Basic Service Set
Identifier, referred to as:When BSSID) with the BSSID differences of the first AP, the first AP determines the message of acquisition
Include releases the quantity of message identifying and/or disassociation message;
When the determining quantity is more than predetermined threshold value, the first AP determines that the 2nd AP is rogue AP.
The message that the 2nd AP is sent is acquired by the first AP in the embodiment of the present invention, and is carried in the message of acquisition
Basic service set identification BSSID and the first AP BSSID differences when, determine the releasing that the message of acquisition includes
The quantity of message identifying and/or disassociation message, however, it is determined that the quantity be more than predetermined threshold value, then the first AP is determined
2nd AP is rogue AP.In compared with the prior art by way of disposing multiple collecting devices and detection service device, this
Rogue AP whether there is by the i.e. detectable surroundings of AP itself in inventive embodiments, without increasing additional hardware cost,
And it disposes simple.
With reference to first aspect, in the first possible embodiment of first aspect, the method further includes:
When the BSSID carried in the message of acquisition is identical as the BSSID of the first AP, the first AP is determined
2nd AP is rogue AP.
With reference to first aspect, in second of possible embodiment of first aspect, the predetermined threshold value is access institute
State the quantity of the terminal device of the first AP.
With reference to first aspect, it in the third possible embodiment of first aspect, determines and acquires in the first AP
The message include the quantity for releasing message identifying and/or disassociation message before, the method further includes:
First AP determines the service set (English carried in the message acquired:Service Set
Identifier, referred to as:SSID) identical as the SSID of the first AP.
With reference to first aspect or any possible embodiment of first aspect, the 4th kind in first aspect are possible
In embodiment, the 2nd AP is any AP around the first AP.
Second aspect, an embodiment of the present invention provides the first AP of one kind, including:
Acquisition module, the message for acquiring the 2nd AP transmissions;
Determining module, the basic service set identification BSSID for being carried in the message that the acquisition module acquires
When with the BSSID differences of the first AP, releasing message identifying and/or disassociation that the message of acquisition includes are determined
The quantity of message;When the determining quantity is more than predetermined threshold value, determine that the 2nd AP is rogue AP.
In conjunction with second aspect, in the first possible embodiment of second aspect, the determining module is additionally operable to
When the BSSID carried in the message of the acquisition module acquisition is identical as the BSSID of the first AP, described second is determined
AP is rogue AP.
In conjunction with second aspect, in second of possible embodiment of second aspect, the predetermined threshold value is access institute
State the quantity of the terminal device of the first AP.
In conjunction with second aspect, in the third possible embodiment of second aspect, the determining module is additionally operable to
Before determining the quantity for releasing message identifying and/or disassociation message that the message of acquisition includes, acquisition is determined
The service set SSID carried in the message is identical as the SSID of the first AP.
In conjunction with second aspect or any possible embodiment of second aspect, the 4th kind in second aspect is possible
In embodiment, the 2nd AP is any AP around the first AP.
The message that the 2nd AP is sent is acquired by the first AP in the embodiment of the present invention, and is carried in the message of acquisition
Basic service set identification BSSID and the first AP BSSID differences when, determine the releasing that the message of acquisition includes
The quantity of message identifying and/or disassociation message, however, it is determined that the quantity be more than predetermined threshold value, then the first AP is determined
2nd AP is rogue AP.In compared with the prior art by way of disposing multiple collecting devices and detection service device, this
Rogue AP whether there is by the i.e. detectable surroundings of AP itself in inventive embodiments, without increasing additional hardware cost,
And it disposes simple.
Description of the drawings
Fig. 1 is a kind of flow diagram of detection rogue AP method provided in an embodiment of the present invention;
Fig. 2 is a kind of flow diagram of detection rogue AP method provided in an embodiment of the present invention;
Fig. 3 is a kind of structural schematic diagram of first AP provided in an embodiment of the present invention.
Specific implementation mode
To make the objectives, technical solutions, and advantages of the present invention clearer, below in conjunction with attached drawing to the present invention make into
It is described in detail to one step, it is clear that described embodiments are only a part of the embodiments of the present invention, rather than whole implementation
Example.Based on the embodiments of the present invention, obtained by those of ordinary skill in the art without making creative efforts
All other embodiment, shall fall within the protection scope of the present invention.
The embodiment of the present invention provides a kind of detection illegal wireless access points (English:Wireless Access
Point, referred to as:AP method and device), deployment is complicated when solving to exist in the prior art detection rogue AP, and cost
Higher problem.Wherein, method and apparatus are the principle phases that are solved the problems, such as due to method and device based on same inventive concept
Seemingly, therefore the implementation of apparatus and method can be with cross-reference, and overlaps will not be repeated.
The preferred embodiment of the present invention is described in detail below in conjunction with the accompanying drawings.
As shown in fig.1, for the method schematic diagram of detection rogue AP provided in an embodiment of the present invention, the method specifically may be used
To include as follows:
S101, the first AP acquire the message that the 2nd AP is sent.
Wherein, the first AP can periodically acquire the message that surrounding AP is sent, and the 2nd AP can be positioned at described
Any AP around first AP.
The message can be beacon (beacon) message or data message etc..
S102, the basic service set identification carried in the message of acquisition (English:Basic Service Set
Identifier, referred to as:When BSSID) with the BSSID differences of the first AP, the first AP determines the message of acquisition
Include releases the quantity of message identifying and/or disassociation message.
It can be deauthentication messages to release message identifying, and disassociation message can be
Disassociation messages.
S103, when the determining quantity is more than predetermined threshold value, the first AP determines that the 2nd AP is rogue AP.
Wherein, the predetermined threshold value can be the quantity for the terminal device for accessing the first AP, or other
Preset value, the embodiment of the present invention are not specifically limited herein.
The message that the 2nd AP is sent is acquired by the first AP in the embodiment of the present invention, and is carried in the message of acquisition
Basic service set identification BSSID and the first AP BSSID differences when, determine the releasing that the message of acquisition includes
The quantity of message identifying and/or disassociation message, however, it is determined that the quantity be more than predetermined threshold value, then the first AP is determined
2nd AP is rogue AP.In compared with the prior art by way of disposing multiple collecting devices and detection service device, this
Rogue AP whether there is by the i.e. detectable surroundings of AP itself in inventive embodiments, without increasing additional hardware cost,
And it disposes simple.
Optionally, when the BSSID carried in the message of acquisition is identical as the BSSID of the first AP, described
One AP determines that the 2nd AP is rogue AP.
In a kind of possible embodiment, the releasing certification that the message of acquisition includes is determined in the first AP
Before the quantity of message and/or disassociation message, the first AP can determine the service carried in the message of acquisition
Set identifier (English:Service Set Identifier, referred to as:SSID) identical as the SSID of the first AP.
Concrete application scene is given below in embodiment for a better understanding of the present invention, is detected to the first AP illegal
The process of AP is specifically described, as shown in Fig. 2, detecting the schematic diagram of rogue AP process for the first AP.
S201, the first AP the beacon messages that periodically acquisition surrounding AP is sent.
The beacon messages that any AP (being referred to as the 2nd AP) that S202, the first AP are directed in surrounding AP is sent are solved
Analysis, determines the SSID and BSSID of the 2nd AP.
S203, the first AP judge whether the BSSID of the BSSID and the first AP of the 2nd AP are identical;If so, executing step
S207;If it is not, executing step S204.
S204, the first AP judge whether the SSID of the SSID and the first AP of the 2nd AP are identical;If so, executing step S205;
If it is not, executing step S208.
S205, the first AP determine the message deauthentication messages that include that the 2nd AP is sent and
The quantity of disassociation messages.
S206, the first AP judge whether the quantity is more than the quantity for the terminal device for being connected to the first AP;If so, executing
Step S207;If it is not, executing step S208.
S207, the first AP determine that the 2nd AP is rogue AP.
S208, the first AP determine that the 2nd AP is legal AP.
The message that the 2nd AP is sent is acquired by the first AP in the embodiment of the present invention, and is carried in the message of acquisition
Basic service set identification BSSID and the first AP BSSID differences when, determine the releasing that the message of acquisition includes
The quantity of message identifying and/or disassociation message, however, it is determined that the quantity be more than predetermined threshold value, then the first AP is determined
2nd AP is rogue AP.In compared with the prior art by way of disposing multiple collecting devices and detection service device, this
Rogue AP whether there is by the i.e. detectable surroundings of AP itself in inventive embodiments, without increasing additional hardware cost,
And it disposes simple.
Based on the same inventive concept of embodiment of the method corresponding with Fig. 1, the embodiment of the present invention provides one kind the first AP
The structure of 30, the first AP 30 as shown in figure 3, include acquisition module 31 and determining module 32, wherein:
Acquisition module 31, the message for acquiring the 2nd AP transmissions;
Determining module 32, the basic service set identification for being carried in the message that the acquisition module 31 acquires
When the BSSID differences of BSSID and the first AP, the releasing message identifying and/or solution that the message of acquisition includes are determined
Except the quantity of association message;When the determining quantity is more than predetermined threshold value, determine that the 2nd AP is rogue AP.
Optionally, the determining module 32 is additionally operable to carry in the message that the acquisition module 31 acquires
When BSSID is identical as the BSSID of the first AP, determine that the 2nd AP is rogue AP.
Optionally, the predetermined threshold value is the quantity for the terminal device for accessing the first AP.
Optionally, the determining module 32 is additionally operable in the releasing message identifying for determining that the message of acquisition includes
And/or before the quantity of disassociation message, the service set SSID that carries and described the are determined in the message of acquisition
The SSID of one AP is identical.
Optionally, the 2nd AP is any AP around the first AP.
It should be understood by those skilled in the art that, the embodiment of the present invention can be provided as method, system or computer program
Product.Therefore, complete hardware embodiment, complete software embodiment or reality combining software and hardware aspects can be used in the present invention
Apply the form of example.Moreover, the present invention can be used in one or more wherein include computer usable program code computer
The computer program production implemented in usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.)
The form of product.
The present invention be with reference to according to the method for the embodiment of the present invention, the flow of equipment (system) and computer program product
Figure and/or block diagram describe.It should be understood that can be realized by computer program instructions every first-class in flowchart and/or the block diagram
The combination of flow and/or box in journey and/or box and flowchart and/or the block diagram.These computer programs can be provided
Instruct the processor of all-purpose computer, special purpose computer, Embedded Processor or other programmable data processing devices to produce
A raw machine so that the instruction executed by computer or the processor of other programmable data processing devices is generated for real
The device for the function of being specified in present one flow of flow chart or one box of multiple flows and/or block diagram or multiple boxes.
These computer program instructions, which may also be stored in, can guide computer or other programmable data processing devices with spy
Determine in the computer-readable memory that mode works so that instruction generation stored in the computer readable memory includes referring to
Enable the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one box of block diagram or
The function of being specified in multiple boxes.
These computer program instructions also can be loaded onto a computer or other programmable data processing device so that count
Series of operation steps are executed on calculation machine or other programmable devices to generate computer implemented processing, in computer or
The instruction executed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one
The step of function of being specified in a box or multiple boxes.
Although preferred embodiments of the present invention have been described, it is created once a person skilled in the art knows basic
Property concept, then additional changes and modifications may be made to these embodiments.So it includes excellent that the following claims are intended to be interpreted as
It selects embodiment and falls into all change and modification of the scope of the invention.
Obviously, various changes and modifications can be made to the invention without departing from essence of the invention by those skilled in the art
God and range.In this way, if these modifications and changes of the present invention belongs to the range of the claims in the present invention and its equivalent technologies
Within, then the present invention is also intended to include these modifications and variations.
Claims (10)
1. a kind of method of detection rogue AP, which is characterized in that including:
First AP acquires the message that the 2nd AP is sent;
It is described when the BSSID differences of the basic service set identification BSSID carried in the message of acquisition and the first AP
First AP determines the quantity for releasing message identifying and/or disassociation message that the message of acquisition includes;
When the determining quantity is more than predetermined threshold value, the first AP determines that the 2nd AP is rogue AP.
2. the method as described in claim 1, which is characterized in that the method further includes:
When the BSSID carried in the message of acquisition is identical as the BSSID of the first AP, described in the first AP determinations
2nd AP is rogue AP.
3. the method as described in claim 1, which is characterized in that the predetermined threshold value is to access the terminal device of the first AP
Quantity.
4. the method as described in claim 1, which is characterized in that determine that the message of acquisition includes in the first AP
Before the quantity for releasing message identifying and/or disassociation message, the method further includes:
First AP determines that the service set SSID carried in the message acquired is identical as the SSID of the first AP.
5. such as Claims 1-4 any one of them method, which is characterized in that the 2nd AP is positioned at the described first AP weeks
Any AP enclosed.
6. the first AP of one kind, which is characterized in that including:
Acquisition module, the message for acquiring the 2nd AP transmissions;
Determining module, the basic service set identification BSSID for being carried in the message that the acquisition module acquires and institute
When stating the BSSID differences of the first AP, the releasing message identifying and/or disassociation message that the message of acquisition includes are determined
Quantity;When the determining quantity is more than predetermined threshold value, determine that the 2nd AP is rogue AP.
7. the first AP as claimed in claim 6, which is characterized in that the determining module is additionally operable to adopt in the acquisition module
When the BSSID carried in the message of collection is identical as the BSSID of the first AP, determine that the 2nd AP is rogue AP.
8. the first AP as claimed in claim 6, which is characterized in that the predetermined threshold value is to access the terminal of the first AP to set
Standby quantity.
9. the first AP as claimed in claim 6, which is characterized in that the determining module is additionally operable to determining described in acquisition
Before the quantity for releasing message identifying and/or disassociation message that message includes, determines and carried in the message of acquisition
Service set SSID it is identical as the SSID of the first AP.
10. such as the first AP of claim 6 to 9 any one of them, which is characterized in that the 2nd AP is positioned at the first AP
Any AP of surrounding.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810105829.6A CN108419238A (en) | 2018-02-02 | 2018-02-02 | A kind of method and device of detection rogue AP |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810105829.6A CN108419238A (en) | 2018-02-02 | 2018-02-02 | A kind of method and device of detection rogue AP |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108419238A true CN108419238A (en) | 2018-08-17 |
Family
ID=63126768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810105829.6A Pending CN108419238A (en) | 2018-02-02 | 2018-02-02 | A kind of method and device of detection rogue AP |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108419238A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110087244A (en) * | 2019-04-29 | 2019-08-02 | 新华三技术有限公司 | A kind of information acquisition method and device |
CN113709745A (en) * | 2021-07-31 | 2021-11-26 | 新华三技术有限公司成都分公司 | Method for coloring configured basic service set and identifying illegal AP (access point) and AP |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103327484A (en) * | 2013-06-27 | 2013-09-25 | 深圳市共进电子股份有限公司 | Method for clearing illegal AP in wireless local area network |
CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
CN106790299A (en) * | 2017-03-20 | 2017-05-31 | 京信通信技术(广州)有限公司 | A kind of wireless attack defence method and device applied in wireless access point AP |
-
2018
- 2018-02-02 CN CN201810105829.6A patent/CN108419238A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103327484A (en) * | 2013-06-27 | 2013-09-25 | 深圳市共进电子股份有限公司 | Method for clearing illegal AP in wireless local area network |
CN103648094A (en) * | 2013-11-19 | 2014-03-19 | 华为技术有限公司 | Method, device and system for detecting illegal wireless access point |
CN106102068A (en) * | 2016-08-23 | 2016-11-09 | 大连网月科技股份有限公司 | A kind of illegal wireless access point detection and attack method and device |
CN106790299A (en) * | 2017-03-20 | 2017-05-31 | 京信通信技术(广州)有限公司 | A kind of wireless attack defence method and device applied in wireless access point AP |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110087244A (en) * | 2019-04-29 | 2019-08-02 | 新华三技术有限公司 | A kind of information acquisition method and device |
CN113709745A (en) * | 2021-07-31 | 2021-11-26 | 新华三技术有限公司成都分公司 | Method for coloring configured basic service set and identifying illegal AP (access point) and AP |
CN113709745B (en) * | 2021-07-31 | 2023-11-07 | 新华三技术有限公司成都分公司 | Method for coloring and identifying illegal AP (access point) by configuring basic service set and AP |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106792992B (en) | Method and equipment for providing wireless access point information | |
EP3562257B1 (en) | Wireless fidelity (wi-fi) connection method and related product | |
US10009718B2 (en) | Sign-in method and device, sign-in server, and storage medium | |
CN105281906A (en) | Safety authentication method and device | |
CN107743130B (en) | Fingerprint matching method, device and system | |
CN107135149B (en) | Method and equipment for recommending social users | |
CN107172209B (en) | Information pushing method and device | |
KR20150065410A (en) | Access point connection method of electronic apparatus and electronic appparatus thereof | |
CN110474879B (en) | Identity recognition preprocessing method, identity recognition method, and equipment and system thereof | |
CN106465175A (en) | Method for collecting and aggregating network quality data | |
CN105574948A (en) | Checking-in method and equipment | |
CN103944893A (en) | Communication method and user equipment | |
CN106600275A (en) | Risk identification method and apparatus thereof | |
CN106686587B (en) | Wireless fidelity Wi-Fi connection method, mobile terminal and medium | |
CN105790948A (en) | Identity authentication method and identity authentication device | |
CN104980420A (en) | Business processing method, device, terminal and server | |
CN108419238A (en) | A kind of method and device of detection rogue AP | |
CN104038900A (en) | Locating method and equipment | |
CN106658670B (en) | A kind of Wireless Fidelity Wi-Fi scan method and mobile terminal | |
CN109040050A (en) | Data interactive method and Related product | |
CN108156586A (en) | Phone number acquisition methods and system, server, storage medium | |
CN105812343A (en) | Wearable service authentication method, cloud platform, wearable device and terminal | |
CN105282821A (en) | Terminal and method for connecting the terminal with wireless fidelity WiFi access point | |
CN115801299B (en) | Meta universe identity authentication method, device, equipment and storage medium | |
CN106888496B (en) | A kind of Wireless Fidelity Wi-Fi connection method and mobile terminal |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20180817 |
|
RJ01 | Rejection of invention patent application after publication |